Monitoring OpenVPN Logs for failures

Post Reply
vindahake
OpenVpn Newbie
Posts: 1
Joined: Tue Jan 31, 2017 6:06 pm

Monitoring OpenVPN Logs for failures

Post by vindahake » Tue Jan 31, 2017 6:20 pm

We would like to monitor OpenVPN failed login attempts for any security breach on AWS Linux Server (using standard market place AMI)
We have a log management tool that continuously monitors the log files.

The /var/log/openvpnas.log does not have any information about failed logins.
Is it possible to configure the server to put log failed login error to openvpnas.log?

I did a quick search and there were references to server.conf and changing verb (verbose level) logging but could not find anything for OpenVPN AS

The Online console has Log Management but that information is not available in openvpnas.log file.
A choice would be to run /usr/local/openvpn_as/scripts/logdba but that would be on polling basis and not real time.

Any help will be appreciated to setup logging to openvpnas.log

novaflash
OpenVPN Inc.
Posts: 1068
Joined: Fri Apr 13, 2012 8:43 pm

Re: Monitoring OpenVPN Logs for failures

Post by novaflash » Tue Jan 31, 2017 6:46 pm

If you add "DEBUG_LOGDB=1" to the file /usr/local/openvpn_as/etc/as.conf and restart the Access Server service, it should log all the things that are usually only visible in the Admin UI under "Log Reports" (which includes failed logins) to /var/log/openvpnas.log (or to syslog if you've set Access Server to log to syslog).

mw_fedv
OpenVpn Newbie
Posts: 1
Joined: Mon Jan 11, 2021 2:17 pm

Re: Monitoring OpenVPN Logs for failures

Post by mw_fedv » Mon Jan 11, 2021 2:32 pm

hi there, i need to know if the "openvpnas.log" will cointain vpn-access attempts from unknown user names?
as far as i tested it, try to connect with a non-existend name, there isn't a hint at the openvpnas.log so far.

My goal to get some strings i can search for, to get some alert at my monitoring.

Post Reply